Changes to support PAC and 802.1X interaction (#89)

#Why I did it These changes are done to support the interaction between PAC and the 8021.X which is in sonic-wpasupplicant. #How I did it #How to verify it
sonic-net · Oct 7, 2024 · 6153c6d · 6153c6d
1 parent 3c7fd8e
commit 6153c6d
Show file tree

Hide file tree

Showing 8 changed files with 101 additions and 4 deletions.
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
@@ -2773,6 +2773,9 @@ static int hostapd_ctrl_iface_eapol_reauth(struct hostapd_data *hapd,
 	if (!sta || !sta->eapol_sm)
 		return -1;
 
+#ifdef CONFIG_SONIC_HOSTAPD
+	memset(&sta->attr_info, 0, sizeof (sta->attr_info));
+#endif
 	eapol_auth_reauthenticate(sta->eapol_sm);
 	return 0;
 }

diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
@@ -19,6 +19,9 @@
 #include "common/ieee802_11_defs.h"
 #include "radius/radius.h"
 #include "radius/radius_client.h"
+#ifdef CONFIG_SONIC_RADIUS
+#include "radius/radius_attr_parse.h"
+#endif
 #include "eap_server/eap.h"
 #include "eap_common/eap_wsc_common.h"
 #include "eapol_auth/eapol_auth_sm.h"
@@ -460,6 +463,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
 		return -1;
 	}
 
+#ifndef CONFIG_SONIC_RADIUS
 	if (sta->flags & WLAN_STA_PREAUTH) {
 		os_strlcpy(buf, "IEEE 802.11i Pre-Authentication",
 			   sizeof(buf));
@@ -487,6 +491,7 @@ static int add_common_radius_sta_attr(struct hostapd_data *hapd,
 			return -1;
 		}
 	}
+#endif
 
 	if ((hapd->conf->wpa & 2) &&
 	    !hapd->conf->disable_pmksa_caching &&
@@ -565,8 +570,13 @@ int add_common_radius_attr(struct hostapd_data *hapd,
 		return -1;
 	}
 
+#ifdef CONFIG_SONIC_RADIUS
+	len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
+			  MAC2STR(hapd->own_addr));
+#else
 	len = os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":",
 			  MAC2STR(hapd->own_addr));
+#endif
 	os_memcpy(&buf[len], hapd->conf->ssid.ssid,
 		  hapd->conf->ssid.ssid_len);
 	len += hapd->conf->ssid.ssid_len;
@@ -708,7 +718,13 @@ void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd,
 		wpa_printf(MSG_INFO, "Could not add User-Name");
 		goto fail;
 	}
-
+#ifdef CONFIG_SONIC_RADIUS
+	else {
+	    memset(sta->attr_info.userName,'\0', sizeof(sta->attr_info.userName));
+	    strncpy(sta->attr_info.userName, sm->identity, sm->identity_len);
+	    sta->attr_info.userNameLen = sm->identity_len;
+	}
+#endif
 	if (add_common_radius_attr(hapd, hapd->conf->radius_auth_req_attr, sta,
 				   msg) < 0)
 		goto fail;
@@ -1183,6 +1199,19 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
 		sta->eapol_sm->eapolLogoff = true;
 		sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++;
 		eap_server_clear_identity(sta->eapol_sm->eap);
+
+#ifdef CONFIG_SONIC_HOSTAPD
+		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "sending client_disconnect for EAPOL-Logoff from STA");
+		/* Inform PAC */
+		if (0 != hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "client_disconnected", NULL))
+        {
+		  hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+			       HOSTAPD_LEVEL_DEBUG,
+			       "sending client_disconnect for EAPOL-Logoff from STA not successful");
+        }
+#endif
 		break;
 
 	case IEEE802_1X_TYPE_EAPOL_KEY:
@@ -2006,6 +2035,14 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 			break;
 #endif /* CONFIG_NO_VLAN */
 
+#ifdef CONFIG_SONIC_RADIUS
+    if (0 != radiusClientAcceptProcess(msg, &sta->attr_info))
+    {
+      wpa_printf(MSG_DEBUG, "radiusClientAcceptProcess failed \n");
+    }
+#endif
+
+#ifndef CONFIG_SONIC_RADIUS
 		sta->session_timeout_set = !!session_timeout_set;
 		os_get_reltime(&sta->session_timeout);
 		sta->session_timeout.sec += session_timeout;
@@ -2018,6 +2055,7 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
 			ap_sta_session_timeout(hapd, sta, session_timeout);
 		else
 			ap_sta_no_session_timeout(hapd, sta);
+#endif
 
 		sm->eap_if->aaaSuccess = true;
 		override_eapReq = 1;
@@ -2110,6 +2148,11 @@ void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta)
 			MAC2STR(sta->addr));
 
 		sm->eap_if->portEnabled = false;
+#ifdef CONFIG_SONIC_RADIUS
+		/* Invoke driver to inform PAC */
+		hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr,
+                    "auth_timeout", (void *) sta);
+#endif
 		ap_sta_disconnect(hapd, sta, sta->addr,
 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
 	}
@@ -2998,5 +3041,16 @@ static void ieee802_1x_finished(struct hostapd_data *hapd,
 		 * EAPOL authentication to be started to complete connection.
 		 */
 		ap_sta_delayed_1x_auth_fail_disconnect(hapd, sta);
-	}
+
+#ifdef CONFIG_SONIC_HOSTAPD
+		/* Invoke driver to inform PAC */
+    hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_fail", (void *) sta);
+#endif
+	}
+#ifdef CONFIG_SONIC_HOSTAPD
+ else {
+		/* Invoke driver to inform PAC */
+    hostapd_drv_auth_resp_send(hapd, hapd->conf->iface, sta->addr, "auth_success", (void *) sta);
+ }
+#endif
 }
diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h
@@ -82,6 +82,9 @@ struct eap_eapol_interface {
 	struct wpabuf *aaaEapRespData;
 	/* aaaIdentity -> eap_get_identity() */
 	bool aaaTimeout;
+#ifdef CONFIG_SONIC_HOSTAPD
+	bool client_reauth;
+#endif
 };
 
 struct eap_server_erp_key {

diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c
@@ -231,7 +231,12 @@ SM_STATE(EAP, INITIALIZE)
 	}
 
 	sm->try_initiate_reauth = false;
+#ifdef CONFIG_SONIC_HOSTAPD
+	if (!sm->eap_if.client_reauth)
+	    sm->currentId = -1;
+#else
 	sm->currentId = -1;
+#endif
 	sm->eap_if.eapSuccess = false;
 	sm->eap_if.eapFail = false;
 	sm->eap_if.eapTimeout = false;
@@ -402,6 +407,11 @@ SM_STATE(EAP, METHOD_REQUEST)
 		return;
 	}
 
+#ifdef CONFIG_SONIC_HOSTAPD
+	wpa_printf(MSG_DEBUG, "EAP: lastId %d",
+		   sm->lastId);
+#endif
+
 	sm->currentId = eap_sm_nextId(sm, sm->currentId);
 	wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d",
 		   sm->currentId);

diff --git a/src/eapol_auth/eapol_auth_sm.c b/src/eapol_auth/eapol_auth_sm.c
@@ -168,6 +168,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
 		}
 	}
 
+#ifndef CONFIG_SONIC_HOSTAPD
 	if (state->reAuthWhen > 0) {
 		state->reAuthWhen--;
 		if (state->reAuthWhen == 0) {
@@ -176,6 +177,7 @@ static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx)
 				   MAC2STR(state->addr));
 		}
 	}
+#endif 
 
 	if (state->eap_if->retransWhile > 0) {
 		state->eap_if->retransWhile--;
@@ -241,13 +243,25 @@ SM_STATE(AUTH_PAE, DISCONNECTED)
 
 SM_STATE(AUTH_PAE, RESTART)
 {
+#ifdef CONFIG_SONIC_HOSTAPD
+#ifdef HOSTAPD
+	sm->eap_if->client_reauth = false;
+#endif
+#endif
 	if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) {
 		if (sm->reAuthenticate)
 			sm->authAuthReauthsWhileAuthenticated++;
 		if (sm->eapolStart)
 			sm->authAuthEapStartsWhileAuthenticated++;
 		if (sm->eapolLogoff)
 			sm->authAuthEapLogoffWhileAuthenticated++;
+
+#ifdef CONFIG_SONIC_HOSTAPD
+#ifdef HOSTAPD
+		if (sm->reAuthenticate)
+	        sm->eap_if->client_reauth = true;
+#endif
+#endif
 	}
 
 	SM_ENTRY_MA(AUTH_PAE, RESTART, auth_pae);
@@ -503,8 +517,9 @@ SM_STATE(BE_AUTH, RESPONSE)
 SM_STATE(BE_AUTH, SUCCESS)
 {
 	SM_ENTRY_MA(BE_AUTH, SUCCESS, be_auth);
-
+#ifndef CONFIG_SONIC_HOSTAPD
 	txReq();
+#endif
 	sm->authSuccess = true;
 	sm->keyRun = true;
 }
@@ -513,8 +528,9 @@ SM_STATE(BE_AUTH, SUCCESS)
 SM_STATE(BE_AUTH, FAIL)
 {
 	SM_ENTRY_MA(BE_AUTH, FAIL, be_auth);
-
+#ifndef CONFIG_SONIC_HOSTAPD
 	txReq();
+#endif
 	sm->authFail = true;
 }
 

diff --git a/src/eapol_auth/eapol_auth_sm.h b/src/eapol_auth/eapol_auth_sm.h
@@ -17,6 +17,10 @@
 struct eapol_auth_config {
 	const struct eap_config *eap_cfg;
 	int eap_reauth_period;
+#ifdef CONFIG_SONIC_HOSTAPD
+	int eap_server_timeout;
+	int eap_quiet_period;
+#endif
 	int wpa;
 	int individual_wep_key_len;
 	char *eap_req_id_text; /* a copy of this will be allocated */

diff --git a/src/eapol_auth/eapol_auth_sm_i.h b/src/eapol_auth/eapol_auth_sm_i.h
@@ -73,7 +73,11 @@ struct eapol_state_machine {
 	unsigned int reAuthCount;
 	/* constants */
 	unsigned int quietPeriod; /* default 60; 0..65535 */
+#ifdef CONFIG_SONIC_HOSTAPD
+#define AUTH_PAE_DEFAULT_quietPeriod 2
+#else
 #define AUTH_PAE_DEFAULT_quietPeriod 60
+#endif
 	unsigned int reAuthMax; /* default 2 */
 #define AUTH_PAE_DEFAULT_reAuthMax 2
 	/* counters */

diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
@@ -237,6 +237,9 @@ void wpa_printf(int level, const char *fmt, ...)
 			va_start(ap, fmt);
 			vprintf(fmt, ap);
 			printf("\n");
+#ifdef CONFIG_SONIC_RADIUS
+			fflush(stdout);
+#endif
 			va_end(ap);
 		}
 #endif /* CONFIG_ANDROID_LOG */